This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

REST and AustralianSuper

Summary

Multiple major Australian superannuation funds, including REST and AustralianSuper, were targeted in a coordinated credential stuffing attack over the weekend of 29-30 March 2025. The attackers replayed email address and password pairs that had been stolen in earlier, unrelated breaches against the funds' member login portals, gaining access to approximately 20,600 member accounts in total. AustralianSuper was the only fund whose members suffered financial losses: 10 members lost a total of $750,000, all of which the fund reimbursed.

What Happened

Over the weekend of 29-30 March 2025, cybercriminals launched a coordinated, well-funded and sophisticated credential stuffing attack against major Australian superannuation funds including REST, AustralianSuper, Hostplus, Insignia Financial, and Australian Retirement Trust. The attackers used stolen, or in some cases guessed, email addresses and passwords to gain unauthorised access to member accounts; a credential stuffing attempt only succeeds where a member reused a password that had already leaked elsewhere and the login was not protected by a second factor. REST experienced the largest impact, with approximately 20,000 accounts accessed (around 1 per cent of its two million members), whilst AustralianSuper had 600 member accounts compromised.
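Credential stuffing has a distinctive shape in authentication logs: one source tries many different usernames once each, most attempts fail, and the few successes are the accounts that need locking first. The following detector, added here as an illustration and not code from any of the funds named above, runs that heuristic over a constructed log. The log format (`<iso-time> <ip> <user> OK|FAIL`), the IP addresses, the member numbers and the thresholds are all assumptions made for the example.

```python
"""Credential-stuffing detector over constructed authentication log lines.

Added example, not from the page or any superannuation fund. Flags source
IPs that attempt many distinct usernames with a low success ratio inside a
short window, then lists the accounts that nevertheless logged in from those
IPs: those are the ones to lock and step up (MFA, call-back) first.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<iso-time> <ip> <user> OK|FAIL").
# 203.0.113.7 is the stuffing source; the other two are normal behaviour
# (one member mistyping a password, a small office NAT with three members).
SAMPLE_LOG = """\
2025-03-29T23:01:02 203.0.113.7 m100231 FAIL
2025-03-29T23:01:03 203.0.113.7 m100232 FAIL
2025-03-29T23:01:04 203.0.113.7 m100233 OK
2025-03-29T23:01:05 203.0.113.7 m100234 FAIL
2025-03-29T23:01:06 203.0.113.7 m100235 FAIL
2025-03-29T23:01:07 203.0.113.7 m100236 FAIL
2025-03-29T23:01:08 203.0.113.7 m100237 OK
2025-03-29T23:01:09 203.0.113.7 m100238 FAIL
2025-03-29T23:02:10 198.51.100.20 m200001 FAIL
2025-03-29T23:02:40 198.51.100.20 m200001 FAIL
2025-03-29T23:03:05 198.51.100.20 m200001 OK
2025-03-29T23:05:00 192.0.2.5 m300001 OK
2025-03-29T23:05:30 192.0.2.5 m300002 OK
2025-03-29T23:06:00 192.0.2.5 m300003 OK
"""


def parse_line(line):
    """Parse one log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=10),
                    min_users=5, max_success_ratio=0.3):
    """Return (flagged_ips, compromised_accounts).

    An IP is flagged when some sliding window of its attempts covers at least
    `min_users` distinct usernames with a success ratio of at most
    `max_success_ratio`. A human retrying one password touches one account;
    an office NAT touches a few accounts that mostly succeed; a stuffing list
    touches many accounts and mostly fails. The stats kept per flagged IP are
    those of its largest qualifying window.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start so the window never exceeds `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            successes = sum(1 for e in win if e[3])
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                stats = {"distinct_users": len(users),
                         "attempts": len(win),
                         "successes": successes}
                if ip not in flagged or stats["attempts"] > flagged[ip]["attempts"]:
                    flagged[ip] = stats

    # Any successful login from a flagged source is a presumed takeover.
    compromised = sorted({e[2] for e in events if e[1] in flagged and e[3]})
    return flagged, compromised


if __name__ == "__main__":
    ips, accounts = detect_stuffing(SAMPLE_LOG)
    for ip, stats in ips.items():
        print(f"stuffing source {ip}: {stats}")
    print("accounts to lock and re-verify:", accounts)
```

The per-IP threshold is the easy case. A well-funded operator spreads the same list across thousands of residential-proxy addresses so that no single IP trips `min_users`; the complementary check is global, comparing the count of distinct usernames failing per minute against the fund's normal weekend baseline, and the durable fix is the one the funds themselves reached for afterwards: a second factor, which turns a correct stolen password into a failed login.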

Impact on Individuals

The attack affected approximately 20,600 superannuation members across multiple funds. At REST, about 8,000 of the affected members had personal information viewed by the attackers, but no money was moved out of any REST account. At AustralianSuper, 10 members suffered financial losses totalling $750,000, all of which the fund reimbursed. Hostplus confirmed that none of its members lost money. The incident targeted the retirement savings of Australian pensioners and workers.

Organisational Response

All affected superannuation funds urged members to check their accounts for fraudulent activity, verify that their nominated bank details had not been changed, and change their password if it was also used on any other site, since a reused password is exactly what a credential stuffing list contains. AustralianSuper fully reimbursed all 10 members who suffered financial losses. Cybersecurity experts emphasised the need for multi-factor authentication on all member logins, because a second factor defeats credential stuffing even when the stolen password is correct. The coordinated nature of the attack prompted industry-wide security reviews and enhanced protective measures.
